...
- Apache XML Security for Java: This library includes the standard JSR-105 (Java XML Digital Signature) API, a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.
- Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.
News
...
November 2023
Version 2.1.3 4.0.1 of the Apache XML Security for Java library has been released, containing a bug fix (SANTUARIO-609 - Remove call to Signature.getProvider() in debug log)
October 2023
Versions 4.0.0, 3.0.3, 2.3.4 and 2.2.6 of the Apache XML Security for Java library has have been released. A security advisory has been fixed in these releases:
- CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output
Please see the release notes Security Advisories page for more information.
...
September 2023
Version 24.0.2 0-M1 of the Apache XML Security for C++ Java library has been released. This patch corrects a bug that can cause crashes in upstream applications. It is similar to, but not the same as, the one that was patched in V2.0.1, and resulted from further review of the code by the project that contributes all of the current manpower to the project. Appreciation is extended to the Shibboleth Project team for this review.
August 2018
is a preview release of the forthcoming 4.0.0 release which is made available for testing, it should not be used in production. The main changes are:
- Java 11 requirement
- Removing SLF4J and using System.Logger
- AutoCloseable for several types
August 2023
Version 2.2.5 Version 2.0.1 of the Apache XML Security for C++ Java library has been released.
This patch corrects a bug that can cause crashes in upstream applications.
June 2018
It contains some dependency updates to fix CVE reports.
March 2023
Versions 3.0.2 and 2.3.3 Version 2.1.2 of the Apache XML Security for Java library has have been released.
Please see the release notes for more information.
Support for the EdDSA has been added as part of these releases.
November 2021
Version 2.0.0 4 of the Apache XML Security for C++ library has been released. Please see the release notes for basic information on bugs addressed. As a major upgrade, this release includes a range of relative minor, but visible, changes to the API that are not explicitly noted there. There are no features of significance added in this version, merely some refactoring and removal of deprecated APIsThis release fixes a regression in 2.0.3 allowing the code to build on pre-1.1 OpenSSL versions.
Older News
See here for old news.
...